CN104239028A - Information processing device, information processing method and program - Google Patents

Information processing device, information processing method and program Download PDF

Info

Publication number
CN104239028A
CN104239028A CN201410249642.5A CN201410249642A CN104239028A CN 104239028 A CN104239028 A CN 104239028A CN 201410249642 A CN201410249642 A CN 201410249642A CN 104239028 A CN104239028 A CN 104239028A
Authority
CN
China
Prior art keywords
developer
information
identifying
access control
user terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201410249642.5A
Other languages
Chinese (zh)
Other versions
CN104239028B (en
Inventor
平塚阳介
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sony Corp
Original Assignee
Sony Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sony Corp filed Critical Sony Corp
Publication of CN104239028A publication Critical patent/CN104239028A/en
Application granted granted Critical
Publication of CN104239028B publication Critical patent/CN104239028B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/069Authentication using certificates or pre-shared keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2803Home automation networks
    • H04L12/2816Controlling appliance services of a home automation network by calling their functionalities
    • H04L12/282Controlling appliance services of a home automation network by calling their functionalities based on user interaction within the home
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/70Services for machine-to-machine communication [M2M] or machine type communication [MTC]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Information Transfer Between Computers (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Control Or Security For Electrophotography (AREA)

Abstract

The invention relates to an information processing device, an information processing method and a program. There is provided the information processing device including an obtaining unit configured to obtain, from a user terminal, developer identification information, and access control information for controlling whether or not one or more functions possessed by the information processing device are permitted to be executed, the developer identification information and the access control information being related to an application program possessed by the user terminal, a determination unit configured to determine whether or not a developer of the application program indicated by the developer identification information is a developer who has made an advance request for authorization for use, and a control unit configured to control execution of at least a portion of the one or more functions based on the access control information, based on the result of the determination by the determination unit.

Description

Messaging device, information processing method and program
Quoting of related application
This application claims the right of priority of the Japanese patent application JP2013-125827 that on June 14th, 2013 submits to, the whole content of this application is incorporated by reference at this.
Technical field
The disclosure relates to messaging device, information processing method and program.
Background technology
In recent years, provide the user terminal utilizing such as intelligent telephone set and so on, operate the equipment of such as digital camera, televisor and so on, or the function of the such as messaging device of personal computer (PC) and so on.
Utilize user terminal, the function of operation information treatment facility is such as by the user terminal, installs that vertical application (below referred to as " application program ") realizes.
The application programming interface (API) of the program of the operation of control information treatment facility can be provided as, to allow them to develop the application program of the operation of control information treatment facility to common developer.
Such as, see JP H10-83310A.
Summary of the invention
In the API provided as mentioned above, some API can be made open to common developer, and some other API then only has the developer of special permission, or the developer of the usage charges paying API just can obtain.So, need one to depend on developer always, change the open scope of API, that is, the scheme of the use restriction of the function provided about messaging device.
But, if the application program that the developer being not authorized to use API produces has wherein this developer and to disguise oneself as the authorized identifying information (hereinafter also referred to as " developer's identifying information ") using the instruction developer of other developers of API, so this application program can utilize the API that this developer is not authorized to use without authorization.
In these cases, the disclosure proposes one can depend on developer, the use of limitation function, thus the messaging device of the new improvement used without authorization of prevention function, information processing method and program.
According to embodiment of the present disclosure, a kind of messaging device is provided, comprise acquiring unit, described acquiring unit is configured to from user terminal, obtain developer's identifying information, with the access control information that one or more functions controlling whether to allow messaging device to have are performed, developer's identifying information is relevant with the application program that access control information and user terminal have, identifying unit, described identifying unit is configured to judge whether the Develop Application System personnel of developer's identifying information instruction are the developers asking use authority in advance, and control module, described control module is configured to the result of determination according to identifying unit, the execution at least partially in one or more functions described is controlled based on access control information.
As mentioned above, the messaging device of embodiment of the present disclosure obtains the developer identifying information relevant to application program from user terminal, and whether be the developer asking use authority in advance according to the developer of the developer's identifying information instruction obtained, control the execution of its function.By pointing out developer like this, even if when function is used without authorization by the developer of other developer authorized that disguises oneself as, there is provided the actual development personnel indicated during this application program also not conform to the developer pointed out during this function of use, use without authorization so can detect.Because the use without authorization of the developer disguising oneself as other developer authorized is detected like this, use without authorization therefore, it is possible to stop.
According to embodiment of the present disclosure, a kind of information processing method is provided, comprise from user terminal, obtain developer's identifying information, with the access control information that one or more functions controlling whether to allow messaging device to have are performed, developer's identifying information is relevant with the application program that access control information and user terminal have, judge whether the Develop Application System personnel of developer's identifying information instruction are the developers asking use authority in advance, with the result of determination according to identifying unit, the execution at least partially in one or more functions described is controlled based on access control information.
According to embodiment of the present disclosure, there is provided a kind of program making computing machine perform following steps: from user terminal, obtain developer's identifying information, with the access control information that one or more functions controlling whether to allow messaging device to have are performed, developer's identifying information is relevant with the application program that access control information and user terminal have, judge whether the Develop Application System personnel of developer's identifying information instruction are the developers asking use authority in advance, with the result of determination according to identifying unit, the execution at least partially in one or more functions described is controlled based on access control information.
As mentioned above, according to the disclosure, one is provided to depend on developer, the use of limitation function, thus the messaging device used without authorization of prevention function, information processing method and program.
Accompanying drawing explanation
Fig. 1 is the diagram that the field that can be applicable to according to the information handling system of embodiment of the present disclosure is described;
Fig. 2 is the diagram of the example system structure of the information handling system schematically illustrating embodiment;
Fig. 3 is the diagram of the illustration application of the information handling system that the present embodiment is described;
Fig. 4 is the diagram of the illustration application of the information handling system that the present embodiment is described;
Fig. 5 is the diagram of the illustration application of the information handling system that the present embodiment is described;
Fig. 6 is the block scheme of the Exemplary structures of the management server represented according to embodiment;
Fig. 7 is the block scheme represented according to the messaging device of embodiment and the Exemplary structures of user terminal;
Fig. 8 is the sequence chart of the sequence of operations of the management server representing embodiment;
Fig. 9 is the sequence chart of the sequence of operations of the messaging device representing embodiment;
Figure 10 is the key diagram of the illustration hardware configuration of the messaging device represented according to embodiment of the present disclosure.
Embodiment
Below with reference to the accompanying drawings, preferred embodiment of the present disclosure is described in detail.Notice that the composed component that function and structure is substantially identical represents with identical Reference numeral, and the repeat specification of these composed components is omitted in the specification and illustrated in the drawings.
Attention will be described according to following order.
1. the concise and to the point description of problem
2. overview
3. structure
4. process
5. hardware configuration
6. sum up
<1. the concise and to the point description > of problem
First with reference to figure 1, the problem overcome according to the information handling system of embodiment of the present disclosure is described.Fig. 1 is the diagram that the field that the information handling system of embodiment of the present disclosure can be applicable to is described.
As shown in fig. 1, in recent years, provide the user terminal 20 utilizing such as intelligent telephone set and so on, operate the equipment of such as digital camera 10a, televisor 10b and so on, or the function of the such as messaging device 10c of personal computer (PC) and so on.Note, in the following description, digital camera 10a, televisor 10b and messaging device 10c can be generically and collectively referred to as " messaging device 10 ".
Utilize user terminal 20, the technology of operation information treatment facility 10 is such as by user terminal 20, installs vertical application d10, and by application program d10, and the operation of control information treatment facility 10 realizes.
The API of the operation of control information treatment facility 10 can be provided to common developer, with the application program d10 allowing them to develop the operation of control information treatment facility 10.
In the API provided as mentioned above, there is various API, comprise the API controlling basic operation, allow the API of vernier control, realize the API of additional function, etc.In these API, some API can be made open to common developer, and some other API then only has the developer of special permission, or the developer of the usage charges paying API just can obtain.So, need one to depend on developer always, change the open scope of API, that is, the scheme of the use restriction of the function provided about messaging device 10.
But, if the application program that the developer being not authorized to use API produces has wherein this developer and to disguise oneself as the authorized identifying information (hereinafter also referred to as " developer's identifying information ") using the instruction developer of other developer of API, so this application program can utilize the API that this developer is not authorized to use without authorization.So, the developer of another developer always needing a kind of prevention to disguise oneself as authorized to the developer of other developer authorized to the technology used without authorization of API.
The exemplary technologies used without authorization stoping API utilizes key exchange scheme, to the information encryption exchanged between user terminal 20 and messaging device 10, thus reduces or prevent the eavesdropping on communication port.But download to user terminal 20, the application program of such as intelligent telephone set may be disassembled.This is equally applicable to be kept at the key information in user terminal 20 in order to enciphered message.If key information is disassembled, and by open without authorization, the protection so based on the information of encryption is meaningless.
Such as, on the other hand, by external server etc., instead of at messaging device 10 or user terminal 20, manage the authorization message of each developer, and allow messaging device 10 with reference to the authorization message at server, the access control to API can be realized.But some messaging devices 10, such as digital camera etc. do not access external network, the interface of such as the Internet etc.Thus, be difficult to moment access external server.User terminal 20 is also difficult to moment access external server.Such as, when some user terminals 20 are based on the technology of such as Wireless Fidelity (Wi-Fi) (registered trademark) and so on, with messaging device 10, when such as digital camera etc. directly communicate, they can not access external network.
Concerning some messaging devices 10 that mustn't access external network, utilize such as firmware renewal etc., upgrade internal information, so, be difficult to take the circumstances into consideration to upgrade internal information.So, such as, preserve for judging that specific development personnel are impracticable for the technology of the information of the authority of API at messaging device 10.
On the other hand, the certificate (such as, digital certificate) giving application program itself indicates authenticity, according to described certificate, can judge the authenticity of the mandate of accessing API.But, when being additional to the certificate of the application program worked in user terminal 20 messaging device 10 inspection, application program itself must be sent to messaging device 10, causing the workload starting application program to increase.
In these cases, even if need a kind of when the information in user terminal 20 is referenced always, also can stop the use without authorization disguised oneself as through API, and whether can be connected to the scheme of external network regardless of messaging device 10.
So the disclosure proposes one can depend on developer, the use of restriction API, thus stop the developer of other developer authorized that disguises oneself as to the information handling system used without authorization of API.
<2. overview >
The following describes the overview of the information handling system of the present embodiment.The information handling system of the present embodiment provides a kind of to the open API50 relevant with the operation of control information treatment facility 10 of developer u50, so that developer u50 can develop the scheme of the application program d10 of the operation for control information treatment facility 10.
(system architecture)
Below with reference to Fig. 2.Fig. 2 is the diagram of the example system structure of the information handling system schematically illustrating the present embodiment.
As shown in Figure 2, the information handling system of the present embodiment comprises messaging device 10, user terminal 20, management server 30, and developer's terminal 80 and application program provide server 90.
Developer's terminal 80 illustrates the terminal of developer u50 developing application d10.Application program provide server 90 schematically illustration be supplied to the server of domestic consumer u20 with compensation or gratis for the application program d10 that developer u50 is developed.Application program provides the object lesson of server 90 to be to provide fulfillment channel, such as the server in application program shop.Such as, user terminal 20, by providing server 90 down load application program d10 from application program, obtains and provides application program d10 disclosed in server 90 in application program.
Noting, provide server 90 by means of application program, providing the technology of application program d10 just for illustrating.The information handling system of the present embodiment can have the arbitrary structures allowing user terminal 20 to obtain the application program d10 developed by developer u50.Such as, application program d10 can be stored in portable medium being supplied to user u20 etc.In this case, by user u20, the application program d10 be kept in portable medium is installed in user terminal 20, application program d10 is saved in user terminal 20.
Management server 30, developer's terminal 80, application program provide server 90 and user terminal 20 to be linked together by network n0.Such as, network n0 is made up of the Internet, dedicated line, LAN (Local Area Network) (LAN), wide area network (WAN) etc.Attentional network n0 can be arbitrary form, wherein by network, different equipment connections together.Management server 30, developer's terminal 80, application program provide server 90 and some in user terminal 20 can by physically or logically different from another network for miscellaneous equipment networks link together.As an object lesson, by utilizing VPN (virtual private network) (VPN) technology, the external network of the connection between management server 30 with developer's terminal 80 and such as the Internet and so on can be separated.
Messaging device 10 illustrates the control object that its operation is controlled by the application program d10 performed at user terminal 20.Messaging device 10 and user terminal 20 are linked together by network n1.Such as, network n1 be such as Wi-Fi and so on equipment between direct communication in wireless communication.Although in the following description, network n1 is described as the wireless communication in the direct communication between messaging device 10 and user terminal 20, but, network n1 can take permission between messaging device 10 and user terminal 20, set up any form of communication.
Messaging device 10 preserves the API50 for controlling its operation, and according to the execution based on application program d10, carrys out the instruction of user terminal 20, performs the corresponding program (API) in API50.
(access control to API)
In the information handling system of the present embodiment, messaging device 10 utilizes API50 to control the state of mandate of its operation according to the request of developer u50, controls from the access of application program d10 to each API API50.The following describes the overview of the access control to each API in API50 in the information handling system of the present embodiment.
In the information handling system of the present embodiment, according to the request to use authority from developer u50, management server 30 sends access control information d30 to developer u50, and access control information d30 is for removing the restriction to the one or more API be given the ratification about its use authority in API50.
Particularly, developer's terminal 80 that management server 30 operates from developer u50, obtains developer's name d20 of the developer u50 specified by developer u50, and the list of one or more API that will use in API50.Management server 30 sends identifying information d22 to the developer u50 indicated by developer's name d20.
According to the API list obtained, management server 30 generates for controlling (permission) to the access control information d30 of the access of the API in list.Note, the content of access control information d30 will illustrate together with the concrete structure being used for generating access control information d30 below.
The key information k10 that management server 30 generates before preserving, and according to key information k10, developer's name d20, identifying information d22 and access control information d30 are encoded, thus generate coded message d32.
Management server 30 is the identifying information d22 sent, and the access control information d30 generated and coded message d32 sends developer's terminal 80 of developer u50 to.Thus, complete developer u50 utilize in API50 be its request use authority one or more API, the request in advance of developing application d10.
Note, in the information handling system of the present embodiment, when employing is for its request is authorized, so that when being used in the API in application program d10 leaved for development, developer u50 embeds developer's name d20, identifying information d22, access control information d30 and coded message d32 in application program d10.Note, in the following description, developer's name d20 and identifying information d22 is generically and collectively referred to as " developer's identifying information ".Developer's identifying information, access control information d30 and coded message d32 can be generically and collectively referred to as " authentication information ".By this structure, as executive utility d10, messaging device 10 obtains the authentication information embedded in application program d10, and according to the authentication information obtained, can judge that whether developer u50 is authorized and use API.Note, messaging device 10 is according to authentication information, and judgement uses with presence or absence of the authority of API and operates and will describe in detail below.
Note, according to the operation of API, the rule embedding authentication information in application program d10 can be formulated.As an object lesson, for the one or more API that must ask use authority in API50, a kind of process can be defined, so that as executive utility d10, if there is no embed the authentication information in application program d10, then do not remove and use restriction.
Note, developer u50 provides on server 90 in such as application program, openly has the application program d10 of the authentication information of embedding.As a result, user u20 can provide server 90 to download the application program d10 developed by developer u50 from application program, then application program d10 is arranged in themselves user terminal 20.
Below, illustrate when user terminal 20 is by performing the application program d10 be arranged in user terminal 20, by the operation carried out during network n1 visit information treatment facility 10.
When application program d10 the term of execution, when receiving the access of user terminal 20, the messaging device 10 of the present embodiment, from user terminal 20, obtains the authentication information embedded in application program d10.
Now, user terminal 20 sends messaging device 10 to the developer's identifying information in authentication information and access control information d30, and does not carry out irreversible process to it.User terminal 20 at least can send messaging device 10 to the developer's identifying information in authentication information, and is not encrypted or coded treatment it.Notice that, encryption and coded treatment refer to encryption for the protection of data and coded treatment here, instead of based on the communication encryption of predetermined communication plan and coded treatment.
User terminal 20 also to the coded message d32 coding be included in authentication information, can be sent to messaging device 10 afterwards.In this case, user terminal 20 can obtain key information (such as, random number) for encoding to coded message d32 from messaging device 10.Note, what user terminal 20 carried out will describe in detail below to the process of coded message d32 coding.
Messaging device 10, according to the authentication information obtained from user terminal 20, judges whether the developer u50 indicated by the developer's identifying information be included in authentication information is the developer that request uses the mandate of API.
As an object lesson, messaging device 10 can be encoded to developer's name d20, identifying information d22 and the access control information d30 obtained from user terminal 20, thus generates coded message d42, and according to coded message d42, identifies developer u50.
In this case, messaging device 10 obtains in advance and preserves the key information k10 be stored in management server 30.Messaging device 10, according to key information k10, is encoded to the developer's identifying information obtained from user terminal 20 and access control information d30, thus generates coded message d42.Afterwards, messaging device 10 can compare the coded message d42 of generation and the coded message d32 of acquisition, and whether conform to the coded message d32 of acquisition according to the coded message d42 generated, judge whether the developer u50 indicated by developer's identifying information is the developer that request uses the mandate of API.
Note, decision technology is above just for illustrating.Can use and allow messaging device 10 according to the authentication information obtained, judge whether the developer u50 indicated by developer's identifying information is any decision technology that request uses the developer of the mandate of API.
After confirming that developer u50 is the developer of the mandate of having asked use API, messaging device 10, according to the access control information d30 be included in authentication information, identifies to be that it asks the API of use authority.Afterwards, depend on application program d10 the term of execution invoked API whether among those API that can identify according to access control information d30, messaging device 10 controls self execution to described called API.
If confirm that developer u50 is the developer having asked the mandate using API, so messaging device 10 can make such as display unit identifiably show the developer u50 indicated by developer's identifying information.Such as, Fig. 3 is the diagram of the illustration application of the information handling system that the present embodiment is described, represents wherein when establishing the connection between messaging device 10 and user terminal 20, the situation of the information of the developer of display instruction application program d10.As shown in Figure 3, information handling system 10 makes display unit 106 (such as, display) show developer information v10, and developer information v10 identifiably presents the developer u50 indicated by developer's identifying information.
Note, assuming that when not asking use authority in advance, developer u50, in application program d10, embedded in wherein developer u50 and to disguise oneself as the authentication information of other developer requesting use authority in advance.In this case, when providing application program d10, the developer indicated in download website etc. with application program d10 the term of execution display developer do not conform to.Such as, Fig. 4 is the diagram of the illustration application of the information handling system that the present embodiment is described, illustrates the download website v90 of illustration.
As shown in Figure 4, at download website v90, as the information relevant to application program d10 to be supplied, the developer information v92 of the exploitation of display instruction application program d10.As mentioned above, if in authentication information, developer u50 disguises oneself as and requests other developer of use authority in advance, and the developer information v10 be so presented on the display unit 106 of Fig. 3 does not conform to the developer information v92 on the download website v90 being presented on Fig. 4.Note, when portable medium is used to install, such as can according to the explanation in the packaging of portable medium, or on website disclosed information, examine real developer.
In addition, application program d10 the term of execution, developer's identifying information is not encrypted or is transmitted to messaging device 10 with encoding.So developer's identifying information exposes to the open air on the network n1 between user terminal 20 and messaging device 10.
As mentioned above, in the information handling system of the present embodiment, application program d10 the term of execution, on user terminal 20, prompting embeds the developer's identifying information in application program d10.As a result, even if API is used without authorization by the developer of other developer authorized that disguises oneself as, this developer disguises oneself as other developer authorized also can to make to utilize the user of application program d10 to find.If this developer disguises oneself as other developer authorized to utilize the user of application program d10 so to realize, so user finds the use without authorization of this developer, thus concomitantly, the without authorization use of developer to API of other developer authorized that disguises oneself as can be stoped.
Note, the moment that messaging device 10 makes display unit 106 show developer information v10 has no particular limits.As an object lesson, as the application program d10 according to execution in user terminal 20, during control operation, messaging device 10 can make display unit 106 show developer information v10.
Such as, Fig. 5 is the diagram of the illustration application of the information handling system that the present embodiment is described, represents that wherein digital camera is used as messaging device 10, and according to carrying out the operation of user terminal 20, controls the example utilizing the image taking of described digital camera.In the example of fig. 5, as the result of image taking utilizing digital camera, the image v20a of shooting is displayed on display unit 106, and image v20a is transmitted to user terminal 20, and is displayed on the display unit 206 of user terminal 20 as image v20b.Now, together with the image v20a be presented on display unit 106, digital camera can show developer information v10.Thus by when application program d10 works, display developer information v10, can make user u20 more understand relation between the application program d10 of work and the developer indicated by developer information v10.
<3. structure >
The following detailed description of the structure of information handling system 10, user terminal 20 and management server 30.First with reference to figure 6, the structure of management server 30 is described.Fig. 6 is the block scheme of the Exemplary structures of the management server 30 representing the present embodiment.
(management server 30)
As shown in Figure 6, management server 30 comprises developer's information acquisition unit 302, identifying information generation unit 304, developer's information memory cell 306, coded message generation unit 308 and key-information storage unit 310.
Developer's terminal 80 that developer's information acquisition unit 302 operates from developer u50, obtains developer's name d20 of the developer u50 specified by developer u50, and the list of one or more API of use in API50.
Note, the technology that developer's information acquisition unit 302 obtains developer's name d20 and API list has no particular limits.Such as, developer's information acquisition unit 302 can utilize mail, obtains developer's name d20 and API list from developer's terminal 80.
As another example, developer's information acquisition unit 302 can generate the screen being used to specify developer's name d20 and API list.In this case, such as, developer u50 can operate developer's terminal 80, with access management server 30, and operates the screen presented by developer's information acquisition unit 302, to specify developer's name d20 and API list.
Developer's information acquisition unit 302, the developer's name d20 obtained and API list, exports to identifying information generation unit 304.
Identifying information generation unit 304 obtains developer's name d20 and API list from developer's information acquisition unit 302.Identifying information generation unit 304 sends to identifying information d22 the developer u50 indicated by developer's name d20.
Identifying information generation unit 304, according to the API list obtained, generates access control information d30, to control (permission) access to the API in list.
Access control information d30 can be such as the list of the title of the authorized API used of developer, or the list of the identifying information of the title of instruction API (such as, indicating the numbering of API).API management unit can be pressed as one sees fit, change the content of access control information.Such as, when in units of routine package during Administration API, access control information d30 can be the list that developer is authorized to the title of the routine package used.When developer can be divided into predetermine class, and for each developer's classification specify available API time, access control information d30 can be the information of instruction developer classification.Thus access control information d30 can take to make the authorized discernible any form of API used of developer.
Identifying information generation unit 304, the developer's name d20, the identifying information d22 of transmission that obtain and the access control information d30 of generation, is dependently of each other kept in developer's information memory cell 306 as developer's information.Note, as the developer u50 from registered developer's information, when receiving the registration request about the API recently utilized, developer's information of the renewable developer u50 be kept in developer's information memory cell 306 of identifying information generation unit 304.
Identifying information generation unit 304 exports to coded message generation unit 308 the developer's name d20, the identifying information d22 of transmission that obtain and the access control information d30 of generation.
Coded message generation unit 308 obtains developer's name d20, identifying information d22 and the access control information d30 of self-identification information generation unit 304.
Coded message generation unit 308, according to the key information k10 generated in the past, is encoded to developer's name d20, identifying information d22 and access control information d30, thus generates coded message d32.Note, key information k10 is stored in key-information storage unit 310.
Now, coded message generation unit 308 can adopt irreversible coding technology as coding techniques.Note, any coding techniques based on key information can be adopted to generate coded message d32.A kind of illustration coding techniques generating coded message d32 is keyed Hash.
Coded message generation unit 308, identifying information d22, access control information d30 and coded message d32, sends developer's terminal 80 of developer u50 to.As a result, inform that developer u50 is based on it to developer u50, exploitation personnel u50 has been the API of its request use authority, the information of developing application d10, i.e. identifying information d22, access control information d30 and coded message d32.
Thus complete and allow developer u50 to utilize in API50, developer u50 has been one or more API of its request use authority, produces the request in advance of application program d10.Noting, in order to allow application program d10 to utilize the API50 be included in messaging device 10, not necessarily will inform developer's identifying information to messaging device 10, access control information d30 and coded message d32.So such as, informed developer's identifying information of developer u50 by management server 30, access control information d30 and coded message d32 is embedded in the application program d10 developed by developer u50.Note, if messaging device 10 is apprised of developer's identifying information, access control information d30 and coded message d32, so these every terms of informations not necessarily must be embedded in application program d10.
(messaging device 10 and user terminal 20)
Below with reference to Fig. 7, the structure of descriptive information treatment facility 10 and user terminal 20.Fig. 7 is the block scheme representing the messaging device 10 of the present embodiment and the Exemplary structures of user terminal 20.Note, assuming that the application program d10 developed by developer u50 has been arranged in user terminal 20.
First, user terminal 20 is described.As shown in Figure 7, user terminal 20 comprises the communication unit 202 for communicating with messaging device 10.In user terminal 20, set up applications 25.Note, application program 25 schematically illustrates by performing the function realized for the above-mentioned application program d10 of the operation of control information treatment facility 10.Application program 25 comprises communications processor element 252, coding processing unit 254, access control information storage unit 256 and coded message storage unit 258.
Communication unit 202 is the interfaces communicated with messaging device 10.Such as, communication unit 202 can be the equipment of the radio communication setting up such as Wi-Fi and so between user terminal 20 and messaging device 10.Note, communication unit 202 can be taked to allow between user terminal 20 and messaging device 10, set up the arbitrary form comprising any communication of radio communication.User terminal 20, by communication unit 202, exchanges data with messaging device 10.Note, in the following description, when the exchange data of each assembly of user terminal 20 and messaging device 10, even if clearly do not record, data are also exchanged by communication unit 202.
Access control information storage unit 256 is the storage unit of preserving developer's identifying information (such as, developer's name d20 and identifying information d22) and access control information d30.
Coded message storage unit 258 is the storage unit of preserving coded message d32.
Communications processor element 252 obtains data from messaging device 10, and transmits data to messaging device 10.The following describes the concrete operations of communications processor element 252.
When application program d10 is activated, communications processor element 252 solicited message treatment facility 10 generates coding key information, and obtains key information k20 responsively from messaging device 10.Note, key information k20 will describe in detail below together with the structure of messaging device 10.
When receiving the key information k20 from messaging device 10, communications processor element 252 exports to coding processing unit 254 the key information k20 obtained.Communications processor element 252, from coding processing unit 254, obtains the coded message d52 as the response of the output to key information k20.Coded message d52 is by according to key information k20, encodes and the information of acquisition to coded message d32.Note, the process relevant with generating coded message d52 will illustrate below together with the operation of coding processing unit 254.
Communications processor element 252, from access control information storage unit 256, reads developer's identifying information and access control information d30.Communications processor element 252 obtain coded message d52, and from access control information storage unit 256 read developer's identifying information and access control information d30 send messaging device 10 to as authentication information.
Now, communications processor element 252 sends messaging device 10 to the developer's identifying information in authentication information and access control information d30, and does not carry out irreversible process to it.Communications processor element 252 at least can send messaging device 10 to the developer's identifying information in authentication information, and is not encrypted or coded treatment it.Notice that, encryption and coded treatment refer to encryption for the protection of data and coded treatment here, instead of based on the communication encryption of predetermined communication plan and coded treatment.
Coding processing unit 254 obtains the key information k20 from communications processor element 252.When obtaining key information k20, coding processing unit 254 reads coded message d32 from coded message storage unit 258.Coding processing unit 254, according to the key information k20 obtained, to the coded message d32 coding read, thus generates coded message d52.
Now, coding processing unit 254 adopts irreversible coding technology as coding techniques.Note, any irreversible coding technology based on key information can be adopted to generate coded message d52.A kind of illustration coding techniques generating coded message d52 is keyed Hash.
Coding processing unit 254 exports to communications processor element 252 the coded message d52 generated.
The following describes the structure of messaging device 10.As shown in Figure 7, messaging device 10 comprises communication unit 102, key-information storage unit 104, display unit 106 and processing unit 150.Processing unit 150 comprises random number generation unit 152, authentication information acquiring unit 154, identifying unit 156, indicative control unit 158 and access control unit 160.
Communication unit 102 is the interfaces communicated with user terminal 20.Note, communication unit 102 has the structure similar with communication unit 202 described above, so no longer describe in detail.Note, in the following description, when the exchange data of each assembly of messaging device 10 and user terminal 20, even if clearly do not record, data are also exchanged by communication unit 102.
Key-information storage unit 104 is the storage unit of preserving key information k10.Key-information storage unit 104 preserves the key information k10 similar with the above-mentioned key information be kept in the key-information storage unit 310 of management server 30.
When receiving the request generating key information from user terminal 20, random number generation unit 152 generates coding key information k20.An object lesson of key information k20 is the information of stochastic generation, such as random number.Note, key information k20 is not limited to random number, can take functional any form of the key that can be provided for carrying out coded treatment.
Random number generation unit 152 sends user terminal 20 to the key information k20 generated.As a result, user terminal 20 according to key information k20, to coded message d32 coding, thus can generate coded message d52.
Random number generation unit 152 exports to identifying unit 156 the key information k20 generated.
Authentication information acquiring unit 154 obtains developer's identifying information, access control information d30 and coded message d52 as the authentication information from messaging device 10.Authentication information acquiring unit 154 exports to identifying unit 156 the authentication information obtained.
Identifying unit 156 obtains the authentication information transmitted from user terminal 20, and according to the authentication information obtained, judges whether the developer indicated by the developer's identifying information be included in authentication information is the developer asking use authority in advance.Note, the developer of the application program d10 that the developer's instruction indicated by developer's identifying information performs in user terminal 20.The following describes the illustration determination processing of being undertaken by identifying unit 156.
Identifying unit 156, from random number generation unit 152, obtains key information k20.Identifying unit 156 also from authentication information acquiring unit 154, certified Information.Identifying unit 156, also from key-information storage unit 310, reads key information k10.
Identifying unit 156, according to key information k10, is encoded to the developer's identifying information be included in the authentication information of acquisition and access control information d30, thus generates coded message d42.Note at this moment, the coded treatment that the coded treatment of the coded message generation unit 308 of identifying unit 156 basis and management server 30 is same, generate coded message d42.Particularly, when coded message generation unit 308 is according to the developer's identifying information be included in authentication information and access control information d30, when generating the coded message d32 as the generating resource of coded message d52, coded message d32 conforms to d42.
After generation coded message d42, identifying unit 156, according to key information k20, to the coded message d42 coding generated, thus generates coded message d62.Note now, the coded treatment that the coded treatment of the coding processing unit 254 of identifying unit 156 basis and user terminal 20 is same, generate coded message d62.
Identifying unit 156 compares the coded message d62 of generation and the coded message d52 of acquisition, when information d62 conforms to d52, the developer indicated is identified as the developer requesting use authority in advance by developer's identifying information.Note now, when coded message d32 conforms to d42, according to same key information k20, conforming to d62 with the coded message d52 of same encoding process encodes.
Note, the above-mentioned process of identifying unit 156 is just for illustrating.The operation of identifying unit 156 is unrestricted, as long as according to the authentication information obtained, can judge whether the developer indicated by the developer's identifying information be included in authentication information is the developer asking use authority in advance.Such as, if it is determined that unit 156, by external network, such as the Internet, communicates with management server 30, so identifying unit 156 is by external network, inquires that whether the developer's identifying information be included in the authentication information of acquisition is correct to management server 30.
Although be described above wherein according to key information k20, coded message d32 is encoded, afterwards it is sent to the example of messaging device 10 from user terminal 20, but, when not encoding to coded message d32 according to key information k20, coded message d32 can be sent to messaging device 10 from user terminal 20.In this case, much less, the process relevant with the production and transfer of key information k20, and according to key information k20, all dispensable to the process of coded message d32 coding.Messaging device 10 can obtain coded message d32 from user terminal 20, and judges whether the coded message d32 obtained conforms to the coded message d42 generated according to key information k10.
When the developer indicated by developer's identifying information is identified as the developer asking use authority in advance, identifying unit 156 is to access control unit 160 output access control information d30.Identifying unit 156 goes back informing user terminal 20, and the developer indicated by developer's identifying information has been judged as the developer asking use authority in advance.When receiving this notice, user terminal 20 can call for it asks the API of use authority in advance.
Identifying unit 156 is also indicating the information of developer indicated by developer's identifying information, and such as, developer's name d20 and identifying information d22 one of at least exports to indicative control unit 158.Note, in the following description, assuming that identifying unit 156 all exports to indicative control unit 158 developer's name d20 and identifying information d22.
Access control unit 160 obtains the access control information d30 from identifying unit 156.As the performance element (not shown) executive utility d10 of user terminal 20, during to call API, access control unit 160, according to access control information d30, allows or limits the execution of API.
As an object lesson, if be not particularly limited for the use of called API, thus need not ask the mandate using called API in advance, so access control unit 160 allows the execution of API.When allowing the execution of API, described API is performed by the performance element (not shown) of messaging device 10.
When the use for called API exists restriction, and according to access control information d30, when allowing the use of API, access control unit 160 allows the execution of API.
On the other hand, when the use for called API exists restriction, and according to access control information d30, when not allowing the use of described API, access control unit 160 limits or forbids the execution of described API.Now, access control unit 160 can informing user terminal 20, and the execution of called API is not allowed to.
Thus, access control unit 160 according to access control information d30, the execution of each API in control API50.
Indicative control unit 158, from identifying unit 156, obtains developer name d20 and identifying information d22.Indicative control unit 158 makes display unit 106 identifiably show developer's name d20 and the identifying information d22 of acquisition, that is, the information of the developer of the application program d10 of instruction execution.Display unit 106 is show medias, such as display etc.As an object lesson, when messaging device 10 is digital cameras, display unit 106 can be the display etc. arranged in order to fox message or the image checking shooting.
Thus, by identifiably showing the information of developer of the application program d10 that instruction performs, when API is used without authorization by the developer of other developer authorized that disguises oneself as, can stop thisly to use without authorization.
Particularly, when developer disguises oneself as other developer authorized, be presented at information on display unit 106 and when obtaining corresponding application program, the developer being presented at download website etc. does not conform to.So, by application program the term of execution, identifiably show the information of the instruction developer of acquisition, other developer authorized if this developer disguises oneself as, so can this developer disguises oneself as other developer authorized to using the user u20 of messaging device 10 to imply.
Note, when identifiably showing the information of instruction developer, the display of the information of instruction developer itself also can stop the without authorization use of developer to API of other developer authorized that disguises oneself as.So, when identifiably showing the information of instruction developer, before developer's name d20 or identifying information d22 is sent to messaging device 10 from user terminal 20, reversible encryption process or coded treatment can be carried out to developer's name d20 or identifying information d22.In this case, identifying unit 156 can be decoded to developer's name d20 or identifying information d22 that is encrypted or that encode, and according to the developer's name d20 decoded or identifying information d22, carries out above-mentioned determination processing.
Although be described above wherein for each developer, limit the example of available API, but, can according to practical operation, take the circumstances into consideration the management unit of the use changing restriction API.Such as, when for each application program, when limiting available API, can be different application programs, issue different access control information d30.In this case, can associatedly manage access control information d30 into each application issued with the identifying information d22 of wall scroll, or can be every bar access control information d30, issue different identifying information d22.Note, when issuing different access control information d30, there is the different coded message d32 generated according to each self-corresponding access control information d30, so, the access control to API can be changed in application program ground one by one.
<4. > is processed
The following describes the flow process of the process of the information handling system of the present embodiment, especially, comprise the operation asking in advance with developer u50 to use the mandate of API50 relevant, and messaging device 10 is according to the information carrying out user terminal 20, the operation of the use of control API50.
[with the operation of asking use authority relevant in advance]
First with reference to figure 8, illustrate and work as developer u50 to management server 30, request in advance uses the flow process of the process of the management server 30 of carrying out during the mandate of API50.Fig. 8 is the sequence chart of the sequence of operations of the management server 30 representing the present embodiment.
(step S102)
Developer's terminal 80 that developer's information acquisition unit 302 operates from developer u50, obtain the developer's name d20 of developer u50 specified by developer u50, and the list of one or more API that the personnel that the are developed u50 in API50 uses.
Developer's information acquisition unit 302 exports to identifying information generation unit 304 the developer's name d20 obtained and API list.
(step S104)
Identifying information generation unit 304 obtains developer's name d20 from developer's information acquisition unit 302 and API list.Identifying information generation unit 304 sends to identifying information d22 the developer u50 indicated by developer's name d20.
Identifying information generation unit 304, also according to the API list obtained, generates access control information d30, for controlling (permission) to the access of the API in list.
Identifying information generation unit 304 exports to coded message generation unit 308 the developer's name d20, the identifying information d22 of transmission that obtain and the access control information d30 of generation.
(step S106)
Coded message generation unit 308 obtains developer's name d20, identifying information d22 and the access control information d30 of self-identification information generation unit 304.
Coded message generation unit 308, according to the key information k10 generated in the past, is encoded to developer's name d20, identifying information d22 and access control information d30, thus generates coded message d32.Note, key information k10 is stored in key-information storage unit 310.
Now, coded message generation unit 308 adopts irreversible coding technology as coding techniques.Note, any irreversible coding technology based on key information can be adopted to generate coded message d32.The coding techniques generating a kind of illustration of coded message d32 is keyed Hash.
(step S108)
Coded message generation unit 308, identifying information d22, access control information d30 and coded message d32, sends developer's terminal 80 of developer u50 to.As a result, inform that developer u50 is based on it to developer u50, exploitation personnel u50 has been the API of its request use authority, the information of developing application d10, i.e. identifying information d22, access control information d30 and coded message d32.
[using relevant operation with the control of control API]
Next, with reference to figure 9, illustrate and work as the instruction that messaging device 10 receives user terminal 20, confirm the mandate using API50 subsequently, and when carrying out the access control to API50, the flow process of the process undertaken by messaging device 10 and user terminal 20.Fig. 9 is the sequence chart of the sequence of operations of the messaging device 10 representing the present embodiment.
(step S202)
When application program d10 is activated, communications processor element 252 solicited message treatment facility 10 generates coding key information.
When receiving the generation request of key information from user terminal 20, random number generation unit 152 generates coding key information k20.An object lesson of key information k20 is the information of stochastic generation, such as random number.Note, key information k20 is not limited to random number, can take functional any form of the key that can be provided for carrying out coded treatment.
(step S204)
Random number generation unit 152 sends user terminal 20 to the key information k20 generated.Random number generation unit 152 also exports to identifying unit 156 the key information k20 generated.
When receiving key information k20 from messaging device 10, communications processor element 252 exports to coding processing unit 254 the key information k20 obtained.
(step S206)
Coding processing unit 254 obtains the key information k20 from communications processor element 252.When obtaining key information k20, coding processing unit 254 reads coded message d32 from coded message storage unit 258.Coding processing unit 254, according to the key information k20 obtained, to the coded message d32 coding read, thus generates coded message d52.
Now, coding processing unit 254 adopts irreversible coding technology as coding techniques.Note, any irreversible coding technology based on key information can be adopted to generate coded message d52.A kind of illustration coding techniques generating coded message d52 is keyed Hash.
Coding processing unit 254 exports to communications processor element 252 the coded message d52 generated.Communications processor element 252 obtains the response as the output to key information k20, from the coded message d52 of coding processing unit 254.
(step S208)
Communications processor element 252, from access control information storage unit 256, reads developer's identifying information (such as, developer's name d20 and identifying information d22) and access control information d30.Communications processor element 252 obtain coded message d52, and from access control information storage unit 256 read developer's identifying information and access control information d30, send messaging device 10 to as authentication information.
Now, communications processor element 252 transmits developer's identifying information in authentication information and access control information d30 to messaging device 10, and does not carry out irreversible process to it.Communications processor element 252 at least can transmit the developer's identification information in authentication information to messaging device 10, and is not encrypted or coded treatment it.
(step S210)
Authentication information acquiring unit 154 obtains the developer's identifying information as the authentication information from messaging device 10, access control information d30 and coded message d52.Authentication information acquiring unit 154 exports to identifying unit 156 the authentication information obtained.
Identifying unit 156, from random number generation unit 152, obtains key information k20.Identifying unit 156 also from authentication information acquiring unit 154, certified Information.Identifying unit 156, also from key-information storage unit 310, reads key information k10.
Identifying unit 156, according to key information k10, is encoded to the developer's identifying information be included in the authentication information of acquisition and access control information d30, thus generates coded message d42.Note at this moment, the coded treatment that the coded treatment of the coded message generation unit 308 of identifying unit 156 basis and management server 30 is same, generate coded message d42.
After generation coded message d42, identifying unit 156, according to key information k20, to the coded message d42 coding generated, thus generates coded message d62.Note at this moment, the coded treatment that identifying unit 156 is same according to the coded treatment of the coding processing unit 254 with user terminal 20, generate coded message d62.
Identifying unit 156 compares the coded message d62 of generation and the coded message d52 of acquisition, when information d62 conforms to d52, the developer indicated is identified as the developer asking use authority in advance by developer's identifying information.
(step S212)
When the developer indicated by developer's identifying information is identified as the developer asking use authority in advance, identifying unit 156 is to access control unit 160 output access control information d30.Attention is not when being identified as the developer indicated by developer's identifying information the developer asking use authority in advance, and identifying unit 156 can refuse the access of user terminal 20.In this case, user terminal 20 receives the notice of the access reject from identifying unit 156, thus stops application program d10.On the other hand, such as, when the developer indicated by developer's identifying information not being identified as the developer asking use authority in advance, identifying unit 156 can export instruction only for the access control information not needing the access permission of asking the API of use authority for it in advance to access control unit 160.
Identifying unit 156 can indicating the information of developer that be indicated by developer's identifying information, and such as, developer's name d20 and identifying information d22 one of at least exports to indicative control unit 158.Note, in the following description, assuming that identifying unit 156 all exports to indicative control unit 158 developer's name d20 and identifying information d22.
Indicative control unit 158 obtains developer's name d20 from identifying unit 156 and identifying information d22.Indicative control unit 158 makes display unit 106 identifiably show developer's name d20 and the identifying information d22 of acquisition, that is, the information of the developer of the application program d10 of instruction execution.
(step S214)
Identifying unit 156 goes back informing user terminal 20, and the developer indicated by developer's identifying information has been judged as the developer asking use authority in advance.When receiving this notice, user terminal 20 can call for it asks the API of use authority in advance.
(step S216 and S218)
Access control unit 160, from identifying unit 156, obtains access control information d30.As the performance element (not shown) executive utility d10 of user terminal 20, during to call API (step S216), access control unit 160, according to access control information d30, allows or limits the execution (step S218) of API.
As an object lesson, if be not particularly limited for the use of called API, thus need not ask the mandate using described API in advance, so access control unit 160 allows the execution of API.When allowing the execution of API, described API is performed by the performance element (not shown) of messaging device 10.
When the use for called API exists restriction, and according to access control information d30, when allowing the use of described API, access control unit 160 allows the execution of API.
On the other hand, when the use for called API exists restriction, and according to access control information d30, when not allowing the use of described API, access control unit 160 limits or forbids the execution of described API.Now, access control unit 160 can informing user terminal 20, and the execution of called API is not allowed to.
Thus, access control unit 160 according to access control information d30, the execution of each API in control API50.
<5. hardware configuration >
Be described above embodiment of the present disclosure.By cooperating of the following hardware with messaging device 10, realize the above information processing undertaken by messaging device 10.
Figure 10 is the key diagram of the illustration hardware configuration representing messaging device 10.As shown in Figure 10, messaging device 10 comprises central processing unit (CPU) 901, ROM (read-only memory) (ROM) 902, random access memory (RAM) 903, input equipment 908, output device 910, memory device 911, driver 912 and communication facilities 915.
CPU901 plays calculating treatmenting equipment and opertaing device, with according to various program, and all operations of control information treatment facility 10.CPU901 can be microprocessor.ROM902 preserves the program, calculating parameter etc. that CPU901 uses.The program that the run duration that RAM903 is kept at CPU901 temporarily uses, at described run duration, the parameter changed when needed, etc.These assemblies are linked together by the host bus comprising cpu bus etc.
Input equipment 908 comprises the input block allowing user's input information, such as button, switch etc., according to the input of user, generates input signal, and input signal is exported to the input control circuit of CPU901, etc.By operation input apparatus 908, the user of messaging device 10 can process by command information treatment facility 10.
Output device 910 such as comprises display device, such as liquid crystal display (LCD) equipment, Organic Light Emitting Diode (OLED) equipment, lamp etc.Output device 910 also comprises audio output apparatus, such as loudspeaker, earphone etc.Such as, the image of display device display shooting, the image of generation etc.On the other hand, audio output apparatus converts sound to voice data etc., then exports described sound.
Memory device 911 is the equipment for preserving data formed as the illustration storage unit of the messaging device 10 of the present embodiment.Memory device 911 can comprise storage medium, data is recorded to the recording unit of storage medium, reads the fetch equipment of data from storage medium, from the erasing apparatus of storage medium obliterated data, etc.Memory device 911 preserves the program and every data that are performed by CPU901.
Driver 912 is read/write devices of storage medium, and within messaging device 10 or outside.Driver 912 is from the removable storage medium loaded wherein, and such as disk, CD, magneto-optic disk, semiconductor memory etc. read information, and described information is exported to RAM903.Driver 912 also can write removable storage medium information.
Communication facilities 915 is such as the communication interface comprising communication facilities for being connected to network N etc.Especially, the communication facilities 915 of embodiment of the present disclosure comprises wireless (LAN (Local Area Network)) LAN communication facilities.Note, communication facilities 915 can comprise Long Term Evolution (LTE) communication facilities, or is carried out the wire communication facility that communicates by wire.
Note, network N is the wired or wireless transmission channel of the information from the equipment transmission being connected to network N.Such as, network N can comprise the public network of such as the Internet, telephone network, satellite communication link and so on, the various LAN (Local Area Network) (LAN) of such as Ethernet (registered trademark) calamity, various wide area network (WAN), etc.Network N also can comprise the dedicated network of such as Internet protocol-Virtual Private Network (IP-VPN) and so on.
The hardware configuration of Figure 10 is just for illustrating.The disclosure is not limited to the hardware configuration of Figure 10.Any hardware configuration of the operation of the messaging device 10 that can realize embodiment of the present disclosure can be adopted.
Can produce and make the hardware of such as CPU, ROM, RAM and so on of comprising in a computer provide the program with the functionally similar function of each assembly of above-mentioned messaging device.The computer-readable recording medium preserving described program can be provided.
<5. > is summed up
As mentioned above, according to the information handling system of the present embodiment, messaging device obtains the developer identifying information relevant to application program d10 from user terminal 20, and be whether the execution of the developer asking use authority in advance, control API according to the developer indicated by developer's identifying information of obtaining.By this structure, developer can be depended on, the use of restriction API.
In addition, in the information handling system of the present embodiment, the developer indicated by developer's identifying information can be shown as developer information v10, or developer's identifying information can by the network n1 that exposes to the open air between user terminal 20 and messaging device 10, thus, identifiably point out developer to user.Now, if provide the developer of other developer authorized that disguises oneself as without authorization the application program d10 of API for it, the developer so indicated when providing application program d10 does not conform to the developer indicated by developer's identifying information.So, even if when API is used without authorization by the developer of other developer authorized that disguises oneself as, also can make to utilize the user of application program d10 to discover this developer and to disguise oneself as other developer authorized.If this developer disguises oneself as other developer authorized to utilize the user of application program d10 to realize thus, so user finds the use without authorization of this developer, thus concomitantly, the without authorization use of developer to API of other developer authorized that disguises oneself as can be stoped.
Note, be described above the form wherein performed with developer information v10, show the process of developer indicated by developer's identifying information, and exploitation personal identification information is not encrypted or coded treatment on network n1, expose the example of the process of developer's identifying information.But, only can perform one of these process, disguise oneself as other developer authorized as long as can make to utilize the user of application program d10 to discover developer.
It will be understood by those skilled in the art that according to designing requirement and other factors, various amendment, combination, sub-portfolio and change can be produced, as long as they are within the scope of appended claim or its equivalent.
In addition, also can structure cost technology as follows.
(1) messaging device, comprising:
Acquiring unit, described acquiring unit is configured to from user terminal, obtain developer's identifying information, with the access control information that one or more functions controlling whether to allow messaging device to have are performed, developer's identifying information is relevant with the application program that access control information and user terminal have;
Identifying unit, described identifying unit is configured to judge whether the Develop Application System personnel of developer's identifying information instruction are the developers asking use authority in advance; With
Control module, described control module is configured to the result of determination according to identifying unit, controls the execution at least partially in one or more functions described based on access control information.
(2) according to the messaging device described in (1), wherein
Acquiring unit obtains the developer's identifying information it not being carried out to irreversible process from user terminal.
(3) according to the messaging device described in (2), wherein
Acquiring unit receives the data transmitted from user terminal, described packet containing not carrying out coded treatment and one of any developer's identifying information of encryption to it, and from described data acquisition developer identifying information.
(4) according to one of any described messaging device in (1)-(3), also comprise:
Indicative control unit, the Develop Application System personnel that described indicative control unit is configured to make to be indicated by developer's identifying information are identifiably shown.
(5) according to the messaging device described in (4), wherein
When developer's identifying information and the associated application work of access control information, indicative control unit makes the Develop Application System personnel indicated by developer's identifying information identifiably be shown.
(6) according to the messaging device described in (4) or (5), also comprise:
Display unit,
Wherein
Display unit makes the Develop Application System personnel indicated by developer's identifying information be shown.
(7) according to one of any described messaging device in (1)-(6), wherein
Acquiring unit obtains by according to predetermined key information, to the first coded message that exploitation personal identification information and access control information are encoded and produced in advance, and
Identifying unit is according to key information, to the developer's identifying information obtained from user terminal and access control information coding, thus generate the second coded message, and whether conform to the first coded message of acquisition according to the second coded message generated, judge whether the Develop Application System personnel indicated by the developer's identifying information obtained are the developers asking use authority in advance.
(8) according to one of any described messaging device in (1)-(6), also comprise:
Key information generation unit, described Key information generation unit is configured to generate coding and uses the first key information, and the first key information generated is exported to user terminal,
Wherein
Acquiring unit obtains by according to the first key information, to passing through according to the second predetermined key information, and the first coded message that the coded message produced in advance exploitation personal identification information and access control information coding is encoded and produced, and
Identifying unit is according to the second key information, to the developer's identifying information obtained from user terminal and access control information coding, according to the first key information, the coded message coding that result as described coding is exported, thus generate the second coded message, and whether conform to the first coded message of acquisition according to the second coded message generated, judge whether the Develop Application System personnel indicated by the developer's identifying information obtained are the developers asking use authority in advance.
(9) information processing method, comprising:
From user terminal, obtain developer's identifying information, and the access control information that one or more functions controlling whether to allow messaging device to have are performed, developer's identifying information is relevant with the application program that access control information and user terminal have;
Judge whether the Develop Application System personnel of developer's identifying information instruction are the developers asking use authority in advance; With
According to the result of determination of identifying unit, control the execution at least partially in one or more functions described based on access control information.
(10) a kind of program making computing machine perform following steps:
From user terminal, obtain developer's identifying information, and the access control information that one or more functions controlling whether to allow messaging device to have are performed, developer's identifying information is relevant with the application program that access control information and user terminal have;
Judge whether the Develop Application System personnel of developer's identifying information instruction are the developers asking use authority in advance; With
According to the result of determination of identifying unit, control the execution at least partially in one or more functions described based on access control information.

Claims (10)

1. a messaging device, comprising:
Acquiring unit, described acquiring unit is configured to obtain from user terminal the access control information that developer's identifying information and one or more functions for controlling whether to allow messaging device to have are performed, and developer's identifying information and access control information are associated with the application program that user terminal has;
Identifying unit, described identifying unit is configured to judge whether the Develop Application System personnel of developer's identifying information instruction are the developers asking use authority in advance; And
Control module, described control module is configured to the result of determination based on identifying unit, controls the execution at least partially in one or more functions described based on access control information.
2. according to messaging device according to claim 1, wherein
Acquiring unit obtains the developer's identifying information it not being carried out to irreversible process from user terminal.
3. according to messaging device according to claim 2, wherein
Acquiring unit receives the data transmitted from user terminal, and described packet contains the developer's identifying information of any one do not carried out it in coded treatment and encryption, and from described data acquisition developer identifying information.
4., according to messaging device according to claim 1, also comprise:
Indicative control unit, the Develop Application System personnel that described indicative control unit is configured to make to be indicated by developer's identifying information are identifiably shown.
5. according to messaging device according to claim 4, wherein
When the application work be associated with developer's identifying information and access control information, indicative control unit makes the Develop Application System personnel indicated by developer's identifying information identifiably be shown.
6., according to messaging device according to claim 4, also comprise:
Display unit,
Wherein
Indicative control unit makes the Develop Application System personnel indicated by developer's identifying information be shown.
7. according to messaging device according to claim 1, wherein
Acquiring unit passes the first coded message produced in advance exploitation personal identification information and access control information coding based on predetermined key information, and
Identifying unit is encoded to the developer's identifying information obtained from user terminal and access control information based on key information, thus generate the second coded message, and whether conform to the first coded message of acquisition based on the second coded message generated, judge whether the Develop Application System personnel indicated by the developer's identifying information obtained are the developers asking use authority in advance.
8., according to messaging device according to claim 1, also comprise:
Key information generation unit, described Key information generation unit is configured to generate coding and uses the first key information, and the first key information generated is exported to user terminal,
Wherein
Acquiring unit passes based on the first key information to the first coded message produced by encoding to the coded message that exploitation personal identification information and access control information are encoded and produced in advance based on the second predetermined key information, and
Identifying unit is encoded to the developer's identifying information obtained from user terminal and access control information based on the second key information, based on the coded message coding that the first key information exports the result as described coding, thus generate the second coded message, and whether conform to the first coded message of acquisition based on the second coded message generated, judge whether the Develop Application System personnel indicated by the developer's identifying information obtained are the developers asking use authority in advance.
9. an information processing method, comprising:
Obtain from user terminal the access control information that developer's identifying information and one or more functions for controlling whether to allow messaging device to have are performed, developer's identifying information is relevant with the application program that access control information and user terminal have;
Judge whether the Develop Application System personnel of developer's identifying information instruction are the developers asking use authority in advance; And
Based on the result of described judgement, control the execution at least partially in one or more functions described based on access control information.
10. the program making computing machine perform following steps:
Obtain from user terminal the access control information that developer's identifying information and one or more functions for controlling whether to allow messaging device to have are performed, developer's identifying information is relevant with the application program that access control information and user terminal have;
Judge whether the Develop Application System personnel of developer's identifying information instruction are the developers asking use authority in advance; And
Based on the result of described judgement, control the execution at least partially in one or more functions described based on access control information.
CN201410249642.5A 2013-06-14 2014-06-06 Information processing equipment, information processing method and program Active CN104239028B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2013125827A JP2015001817A (en) 2013-06-14 2013-06-14 Information processing device, information processing method, and program
JP2013-125827 2013-06-14

Publications (2)

Publication Number Publication Date
CN104239028A true CN104239028A (en) 2014-12-24
CN104239028B CN104239028B (en) 2019-01-22

Family

ID=52020241

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410249642.5A Active CN104239028B (en) 2013-06-14 2014-06-06 Information processing equipment, information processing method and program

Country Status (3)

Country Link
US (1) US10433167B2 (en)
JP (1) JP2015001817A (en)
CN (1) CN104239028B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107316136A (en) * 2017-06-19 2017-11-03 广州市升龙灯光设备有限公司 A kind of stage lighting authorization method, electronic equipment and storage medium
CN109688467A (en) * 2018-12-11 2019-04-26 新视家科技(北京)有限公司 Television content control method and its device, electronic equipment, computer-readable medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090210702A1 (en) * 2008-01-29 2009-08-20 Palm, Inc. Secure application signing
CN101562621A (en) * 2009-05-25 2009-10-21 阿里巴巴集团控股有限公司 User authorization method and system and device thereof
CN102135883A (en) * 2011-03-14 2011-07-27 山东大学 Software-as-a-service (SaaS) application generation and deployment supporting method and device
US20130346742A1 (en) * 2012-06-25 2013-12-26 Safety Angle Inc. Method and System for Device Authentication

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090080659A1 (en) * 2007-09-21 2009-03-26 Texas Instruments Incorporated Systems and methods for hardware key encryption
WO2010041464A1 (en) * 2008-10-10 2010-04-15 パナソニック株式会社 Information processing device, authentication system, authentication device, information processing method, information processing program, recording medium, and integrated circuit
US8589880B2 (en) * 2009-02-17 2013-11-19 International Business Machines Corporation Identifying a software developer based on debugging information
JP5339970B2 (en) * 2009-03-10 2013-11-13 富士通エフ・アイ・ピー株式会社 Information processing system, information processing method, and information processing program
US8279356B2 (en) * 2009-07-07 2012-10-02 Sony Corporation Active suppression by TV of white space device interference
CN101604371B (en) * 2009-07-22 2012-02-08 阿里巴巴集团控股有限公司 Method and system for controlling authority of plug-in unit
JP5252352B2 (en) * 2009-11-05 2013-07-31 クラリオン株式会社 Information terminal device, information terminal management system, and program
AU2011233415B2 (en) * 2010-03-30 2015-06-04 Kuraray Co., Ltd. Composite structural material, formed product and packaging material using the same, method for producing the composite structural material, and coating liquid
JP5129313B2 (en) * 2010-10-29 2013-01-30 株式会社東芝 Access authorization device
US20140344877A1 (en) * 2011-11-30 2014-11-20 Nippon Hoso Kyokai Reception device, program, and reception method
JP2012212922A (en) * 2012-06-29 2012-11-01 Sumitomo Bakelite Co Ltd Formation method of solder bump, solder bump, semiconductor device and manufacturing method therefor
KR20140071605A (en) * 2012-12-04 2014-06-12 삼성전자주식회사 Method for processing data, sensor device and user terminal

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090210702A1 (en) * 2008-01-29 2009-08-20 Palm, Inc. Secure application signing
CN101562621A (en) * 2009-05-25 2009-10-21 阿里巴巴集团控股有限公司 User authorization method and system and device thereof
CN102135883A (en) * 2011-03-14 2011-07-27 山东大学 Software-as-a-service (SaaS) application generation and deployment supporting method and device
US20130346742A1 (en) * 2012-06-25 2013-12-26 Safety Angle Inc. Method and System for Device Authentication

Also Published As

Publication number Publication date
US10433167B2 (en) 2019-10-01
JP2015001817A (en) 2015-01-05
US20140372612A1 (en) 2014-12-18
CN104239028B (en) 2019-01-22

Similar Documents

Publication Publication Date Title
US10911424B2 (en) Registry apparatus, agent device, application providing apparatus and corresponding methods
CN107770182B (en) Data storage method of home gateway and home gateway
KR102169947B1 (en) Method of establishing a trusted identity for an agent device
US20140173688A1 (en) Method and System for Providing Device-Specific Operator Data for an Automation Device in an Automation Installation
JP2019524016A (en) Methods for managing the status of connected devices
CN104380302A (en) Evaluating whether to block or allow installation of a software application
CN110535877B (en) Internet of things terminal identity authentication method and system based on double authentication
CN109587142B (en) Data security access module and equipment for service flow
CN104753674A (en) Application identity authentication method and device
WO2017113789A1 (en) Electronic device remote repair method, device, repaired device, and system
CN107566430B (en) Electric power mobile terminal compliance inspection and strategy control system
CN107896227A (en) Data calling method and device and equipment data cloud platform
CN103188677A (en) Client software authentication method and client software authentication device and client software authentication system
CN113872940A (en) Access control method, device and equipment based on NC-Link
CN102497398B (en) Sensor authentication method and system
CN108667802A (en) A kind of monitoring method and system of electric power application network safety
CN110266653B (en) Authentication method, system and terminal equipment
KR101775823B1 (en) Method and system for controlling device based internet of things
CN104239028A (en) Information processing device, information processing method and program
EP3849217A1 (en) Management of a reliable industrial control system via dedicated cellular network
WO2022106885A1 (en) Industrial control system
CN110611913B (en) Wireless network access method, system management platform and access system for nuclear power plant
CA3103971A1 (en) Secure deployment of software on industrial control systems
CN108737086A (en) System and method for reducing network safety event using intelligent password management
CN112068779A (en) Data storage system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant